Cisco Support Community
New Member

access list from a PIX Rookie

There is a web site that users at my company need to access on port 7001. Do I have to add this port to my access-list, and does it have to be before any deny statement? i.e.

access-list user_access permit tcp any any eq 7001

Thanks

2 REPLIES
New Member

Re: access list from a PIX Rookie

If the Web server your users need to access is located outside the PIX, you don't need to permit port 7001 in your access-list. The PIX maintains a table of all sessions that are initiated from the inside, and permits the return traffic even if you don't specifically permit the respective sockets in your ACL. In fact, you only need to create an ACL for sessions that will be initiated from a lower-security interface to a higher one.

New Member

Re: access list from a PIX Rookie

Well, the web server is outside (i.e. the internet) and my users are obviously on a secure inside interface. Thank you sir!!
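A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cisco code: sessions initiated from the higher-security interface are entered in a session table so their replies are allowed back, and ACL entries are evaluated top-down with the first match deciding. It assumes the PIX default security levels (inside 100, outside 0), ignores NAT, and also covers the case where an ACL is bound inbound to the inside interface, where outbound traffic is matched against that ACL and falls to an implicit deny if nothing matches. The class, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

SECURITY_LEVEL = {"inside": 100, "outside": 0}  # PIX default levels

@dataclass
class Pix:
    acls: dict = field(default_factory=dict)  # interface -> ordered ACL entries
    conns: set = field(default_factory=set)   # table of sessions already allowed

    def _acl_permits(self, iface, proto, dport):
        for action, a_proto, a_port in self.acls[iface]:
            if a_proto == proto and a_port in (None, dport):
                return action == "permit"      # first matching entry decides
        return False                           # implicit deny at the end

    def packet(self, in_if, out_if, src, sport, dst, dport, proto="tcp"):
        # Reply to a session in the table: allowed without any ACL entry.
        if (out_if, dst, dport, src, sport, proto) in self.conns:
            return True
        if in_if in self.acls:                 # ACL bound inbound on this interface
            ok = self._acl_permits(in_if, proto, dport)
        else:                                  # no ACL: only higher -> lower level
            ok = SECURITY_LEVEL[in_if] > SECURITY_LEVEL[out_if]
        if ok:
            self.conns.add((in_if, src, sport, dst, dport, proto))
        return ok

def scenario(inside_acl=None):
    """Return (outbound 7001, reply, unsolicited inbound) verdicts."""
    fw = Pix(acls={"inside": inside_acl} if inside_acl is not None else {})
    client, server = "10.0.0.5", "192.0.2.10"  # constructed addresses
    out = fw.packet("inside", "outside", client, 40000, server, 7001)
    reply = fw.packet("outside", "inside", server, 7001, client, 40000)
    unsolicited = fw.packet("outside", "inside", server, 7001, client, 40001)
    return out, reply, unsolicited

PERMIT_7001 = ("permit", "tcp", 7001)   # permit tcp any any eq 7001
DENY_TCP = ("deny", "tcp", None)        # deny tcp any any

if __name__ == "__main__":
    print("no ACL on inside:       ", scenario())
    print("permit 7001 before deny:", scenario([PERMIT_7001, DENY_TCP]))
    print("permit 7001 after deny: ", scenario([DENY_TCP, PERMIT_7001]))
    print("7001 not listed:        ", scenario([("permit", "tcp", 80)]))
```

On a real device, `show access-group` shows whether an ACL is bound to the inside interface, which determines which of these cases applies.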
